Skip to main content

Are you a legal professional? Visit our professional site

Search for legal issues
For help near (city, ZIP code or county)
Please enter a legal issue and/or a location

Should Lawyers Urge Clients to Take Action on Cybersecurity?

Article Placeholder Image
By Casey C. Sullivan, Esq. on September 29, 2016 1:57 PM

It's axiomatic these days that companies need to take cybersecurity seriously, lest they end up like the next Yahoo!, who recently revealed that it suffered the largest hack ever, potentially jeopardizing its plans to be acquired by Verizon. But cybersecurity protections can be restrictive and expensive, leading some clients to overlook them for as long as they can.

What's a lawyer to do? Surprisingly, the jury is still out, with some attorneys urging their colleagues to become more proactive in promoting cybersecurity among their clients, while others suggest a more cautious approach.

The Case for Being a Cybersecurity Advocate

Those arguing for a proactive approach to client cybersecurity include Alan Winchester, a partner at New York's Harris Beach. Speaking at ALM's cyberSecure conference on Wednesday, Winchester urged attorneys to ask their clients about data protection and tell them to seek out outside counsel should they be hacked or attacked, the New York Law Journal's Nell Gluckman reports.

"Rather than seeing cybersecurity as a reductive, restrictive, disabling part of our operations, I challenge every lawyer in the room to see it as an enabler," Winchester said. He recommended that firms develop data breach plans and have outside experts on call, should they need them. (It should be mentioned that Winchester is also a consultant at HB Solutions, a wholly-owned subsidiary of Harris Beach, which offers data privacy and cybersecurity services.)

And the Case Against

Not everyone was convinced. Solo practitioner Anand Ahuja wondered whether it was wise to offer advice about cybersecurity "unless my client comes to me and asks for a vendor," Gluckman reports. Ahuja's main concern seemed to be the risk of liability should things not work out.

"If something goes wrong, you are the co-defendant. Any advice you give has no value unless you're being asked," he said.

Winchester didn't entirely disagree, acknowledging that "you assume some risk by bringing another person to the table." But "the key is vetting," he argued, so that you can ensure that the person you recommend has the necessary skills and aptitude. Providing skilled, qualified experts can help attorneys attract "better clients," Winchester argued.

And the Jury Says?

We're inclined to side with Winchester here. Attorneys often advise clients about beneficial services the client might not have specifically asked for -- the crass term for this is "cross selling" -- whether it's estate planning or data protection.

And if you're doing your job well, making sure that any course of action you suggest to a client is a wise one and that the services you offer are actual what the client needs, the risks are likely to be minimal.

But that's just our two cents.

What do you think? Weigh in below.

Should lawyers proactively recommend cybersecurity protections for clients?
No, not unless the clients ask.
Yes, if it will benefit the client.
It depends...
online poll

Related Resources:

Find a Lawyer

More Options